Corrections & Clarifications: A previous version of this story incorrectly identified to whom Edward Snowden released classified government information in 2013. Snowden gave the documents to multiple media outlets.
The crusading website WikiLeaks published thousands of documents Tuesday it says detail CIA tools for hacking into web servers, computers, smartphones and even TVs that can be turned into covert microphones.
The website claims the CIA Center for Cyber Intelligence “lost control of the majority of its hacking arsenal,” more than several hundred million lines of code that provide “the entire hacking capacity of the CIA.”
Jake Williams, a security expert with the Georgia-based security firm Rendition Infosec, said the information will be used within days or weeks by hackers and the security firms that combat them.
“My first thought was ‘Wow!’ quickly followed by the realization that this is a treasure trove of information,” he said. “We are regularly dealing with corporations being attacked by nation-state hacking groups. This gives us a lot of insight into how they do it.”
White House spokesman Sean Spicer, questioned at a press briefing, declined to comment on the release.
“These (leaks) appear to be very, very serious,” House Intelligence Committee Chairman Devin Nunes, R-Calif., told reporters at a briefing. “We are extremely concerned, and we are following it closely.” The documents indicate developers created programs in homage to popular culture, such as an implant for computers running Microsoft Windows dubbed “RickyBobby” after the Will Ferrell character in the 2006 film Talladega Nights. A trojan spread via thumb drives was named Fight Club, a reference to the 1996 novel and 1999 movie with Brad Pitt. A smart TV project was called Weeping Angel — recurring villains in the Doctor Who series who only move when no one is watching.
The CIA issued a statement declining comment on the “purported” documents. USA TODAY has not yet been able to confirm the authenticity of the documents nor seen anything in them thus far to indicate the tools were used in the U.S. – or at all.
Rep. Ted Lieu, D-Calif., called for a congressional investigation in to the details contained in the files. “The potential privacy concerns are mind-boggling,” said Lieu, who has a degree in computer science. “We need to know if the CIA lost control of its hacking tools, who may have those tools, and how do we now protect the privacy of Americans.”
WikiLeaks says the archive appears to have been circulated among former government hackers and contractors, one of whom provided WikiLeaks with portions of it. The website says the CIA hacking division involved “more than 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other ‘weaponized’ malware.”
“Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook,” WikiLeaks claims. “The CIA had created, in effect, its ‘own NSA’ with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.”
The source of the information, which WikiLeaks did not name, hopes the document dump will initiate “a public debate about the security, creation, use, proliferation and democratic control of cyberweapons,” the website says.
According to WikiLeaks, Apple’s iPhone, Google’s Android, Microsoft’s Windows and Samsung smart TVs were among CIA targets. The TVs can be placed in a “fake off” mode, so the owner falsely believes the TV is off when it is on, the documents say. “In ‘fake off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server,” WikiLeaks says.
The notes indicate one of the developers’ major challenges was maintaining an internet connection for long periods of time after the TVs were shut off by owners. There are notes indicating the teams hoped to extend that recording-and-sending time period to last as long as 24 to 72 hours.
At the other end of the technological spectrum, a project appropriately named Pterodactyl set as its goal giving agents a tool to “rapidly copy 3.5 inch floppy disks in a covert manner.” The project appeared to be aimed at a small, easily-concealable device that someone could carry into a space, copy many disks at once and leave with the captured data without the target knowing the disks had been copied.
Microsoft, Google and WhatsApp were among tech firms saying they were looking into the WikiLeaks report. Scott Vernick, a partner with the data security law firm of Fox Rothschild in Philadelphia, said the documents raise the question of whether the CIA shared its tools with the FBI for use in domestic investigations.
Nathan White, senior legislative manager at the nonprofit advocacy group Access Now, said the documents show the need for limits on government hacking and protection of human rights.
“Our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them,” White said.
Wikileaks released thousands of hacked Democratic National Committee emails ahead of last year’s presidential election, in a cyber attack the U.S. intelligence community concluded was carried out by Russia in an attempt to interfere in the race. Wikileaks has denied getting the emails from Russia, which also refuted any involvement in the hacking.
Edward Snowden, who was granted asylum in Russia after his own release of classified government documents to multiple media outlets in 2013, tweeted the documents show the government developed vulnerabilities in U.S. products and left them there. “Reckless beyond words,” Snowden added.
Timothy Carone, a Notre Dame professor who specializes in data science, says the release reinforces the idea that all information in our lives can be acquired and leveraged in ways most people don’t even think about.
“Probably the most disturbing part of the story was that this information was being shared between former U.S. government hackers and contractors with no oversights and no authorization,” he said.
WikiLeaks has conducted a global crusade to expose government secrets through a series of controversial and sometimes embarrassing document dumps in recent years. Chelsea Manning, who leaked hundreds of thousands of classified documents through the WikiLeaks website, is scheduled for release in May after more than six years in prison.
WikiLeaks founder Julian Assange has been holed up in the Ecuadorian embassy in London since 2012 to avoid extradition to Sweden, where he has been accused of sexual assault, and the United States, where he fears possible espionage charges.
Contributing: Nick Penzenstadler, Elizabeth Weise, Brad Heath and John Kelly